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DETAILED ACTION 



Response to Amendment 



1. 



This Office Action is responsive to the amendment filed October 27, 2008. 



2. 



Claims 35-58 are pending. 



Response to Arguments 



3. Applicant's arguments filed October 27, 2008 have been fully considered but they are not 
persuasive. 

4. Applicants argue that the Office Action fails to show where receiving a selection of first 
payment instrument from the buyer. In response, the Examiner notes that Gifford teaches this 
feature is figure 4. That is, Gifford allows the user to select which card to use for the transaction. 

5. Applicants argue Gifford does not expressly disclose linking the PKI key pair to at least a 
first payment instrument. However, the Examiner respectfully disagrees. The smart card of 
Gifford is linked to a key (see col. 10, lines 64-66). 

6. Applicants argue that Gifford does not teach receiving a selection of one of the plurality 
of payment instrument because there is no suggestion that the payment type is linked to the 
buyer's PKI pair, or that a buyer can be authorized to use the payment type. Additionally, 
Applicants assert that providing an account number is not selecting a payment instrument as 
recited in the claims. The Examiner respectfully disagrees. It is true that the buyer in Gifford 
selects the payment instrument and the account to use for the transaction. If the user is 
authenticated and his funds verified then the transaction is authorized. 

7. Applicants argue that the step of sending data from the buyer profile to the buyer over the 
network is not an inherent step. However, the Examiner respectfully disagrees. Gifford teaches a 
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user receiving a certificate, which is used for pre-authorization from the payment computer (see 
col. 7, lines 40-54); the payment computer has several databases relating to the user (see col. 8, 
lines 1-7). Notice, in Gifford, the certificate and the user payment order is sent to the merchant. 
Thus, before selecting the payment method and address information, the buyer is provided with 
at least the certificate. 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

9. Claims 35, 37-42, 44-49, 51-58 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. Patent No. 6205437 to Gifford in view of U.S. Publication NO. 2004/0243520 to 
Bishop et al. ("Bishop") and US Publication NO. 2001/0044787 to Shwartz et al. ("Shwartz") 

Referring to claims 35 and 42, Gifford discloses at a payment authorization service, 
storing a public key associated with a public key infrastructure (PKI) key pair in a profile 
database (see col. 10, lines 37-42 - at the payment computer, the public key corresponding to 
each sender is kept in a database), linking the PKI key pair to at least a first payment instrument ( 
see col. 10, lines 48-67; col. 11, lines 1-7 - the smart card including a secret key is used to sign 
the payment order), in response to receiving an authentication request from the buyer over a 
network, the authentication request including a description of the payment transaction and an 
identity of a seller (see col. 6, lines 16-32), the seller separate from the payment authorization 



Application/Control Number: 09/8 1 8,084 Page 4 

Art Unit: 3685 

service (see Fig. 1, items 63 & 68), receiving a selection of the first payment instrument from the 
buyer (see fig. 4 and related text) storing a digitally signed record of the payment transaction in 
a transaction archive, i.e. "transaction database" (see col. 8, lines 16-19), notifying the seller that 
the buyer is authorized to the first payment instrument (see col. 6, lines54-65 & fig. 6, items 27- 
29). Gifford does not expressly disclose sending a challenge request to the buyer over the 
network, the challenge request including a summary of the payment transaction, in response to 
receiving a challenge response from the buyer over the network, the challenge response 
including summary of the payment transaction digitally signed by the buyer, determining that 
buyer has access to the private key and that the buyer is authorized to use the first payment 
instrument by using the public key to decrypt the digitally signed message. Bishop discloses 
sending a challenge request to the buyer over the network, in response to receiving a challenge 
response from the buyer over the network, the challenge response including summary of the 
payment transaction digitally signed by the buyer, determining that buyer has access to the 
private key and that the buyer is authorized to use a first payment instrument by using the public 
key to decrypt the digitally signed message (see paragraphs [0094] & [0095]). Shwartz discloses 
the challenge request including a summary of the payment transaction (see paragraphs [0182]- 
[0184]). At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to modify the method of Gifford to include the features taught by Bishop and 
Shwartz because it protects the network server from attacks and improve the ease and safety of 
electronic commerce for consumers (see Bishop & Shwartz ). 

Referring to claims 37, 44 and 51, Gifford discloses the method wherein the record of the 
payment transaction is digitally signed using the private key (see col. 10, lines 43-45). 
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Referring to claims 38, 45 and 52, Gifford discloses the method wherein the record of the 
online transaction is digitally signed using a local private key (see col. 10, lines 48 & 49). 

Referring to claims 39, 46 and 53, Gifford discloses the method wherein the public key is 
stored in the form of a digital certificate representing that the public key is tied to the buyer (see 
col. 7, lines 44-46). 

Referring to claims 40, 47 and 54, Gifford discloses several databases including account 
database storing account information and an address database storing shipping address 
information (see col. 8, lines 12-24 and 33-36) . Gifford also discloses receiving a selection of 
one of the plurality of payment instruments (i.e. "means of payment") and one of the plurality of 
shipping addresses from the buyer over the network (see col. 5, lines 34-50; col. 8, lines 33-35). 
Gifford does not expressly disclose retrieving a buyer profile from the database, the buyer profile 
being linked to the PKI key pair and including a plurality of payment instruments and a plurality 
of shipping address and sending the buyer profile to the buyer over the network; however, these 
are inherent steps. Before selecting the method of payment and address information, the buyer 
must first be provided with his profile. 

Referring to claims 41,48 and 55, Gifford discloses processing the payment transaction 
via a payment gateway (i.e. "payment computer") see col. 6, lines 12-14. 

Referring to claim 49, Gifford discloses a profile database, i.e. account database and 
address database, transaction archive, i.e. settlement database" (see col. 7, lines 66-67 & col. 8, 
lines 1-7) an authentication service web server (i.e. "payment computer") coupled to the profile 
database, the transaction archive and the network, the authentication service web server 
adaptively configured to (see col. 4, lines 46-55) store a public key associated with a public key 
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infrastructure (PKI) key pair in a profile database (see col. 10, lines 37-42), in response to 
receiving an authentication request from a buyer over a network, the authentication request 
including a description of the payment transaction and an identity of a seller (see col. 6, lines 16- 
32), receive a selection of the first payment instrument from the buyer (see fig. 4 & related text) 
store a digitally signed record of the payment transaction in a transaction archive, i.e. 
"transaction database" (see col. 8, lines 16-19) and storing a digitally signed record of the 
payment transaction in a transaction archive, i.e. "transaction database" (see col. 8, lines 16-19), 
notifying the seller that the buyer is authorized to the first payment instrument (see col. 6, 
lines54-65 & fig. 6, items 27-29). Gifford does not expressly disclose the web server adaptively 
configured to send a challenge request to the buyer over the network, the challenge request 
including a summary of the payment transaction to be displayed to the buyer then digitally 
signed by the buyer using a private key associate with the PKI key pair, or in response to 
receiving a challenge response from the buyer over the network, the challenge response 
including the digitally singed summary of the payment transaction, determine whether the buyer 
has access to the private key by using the public key to decrypt the digitally signed summary of 
the payment transaction. Bishop discloses sending a challenge request to the buyer over the 
network, the challenge request message to be displayed to the buyer then digitally signed by the 
buyer using a private key associate with the PKI key pair, or in response to receiving a challenge 
response from the buyer over the network, the challenge response including the digitally singed 
message, determining whether the buyer has access to the private key by using the public key to 
decrypt the digitally signed message (see paragraphs [0094] & [0095]). Shwartz discloses the 
challenge request including a summary of the payment transaction (see paragraphs [0182]- 
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[0184]). At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to modify the method disclose by Gifford to include the steps of the web server 
adaptively configured to send a challenge request to the buyer over the network, the challenge 
request including a summary of the payment transaction to be displayed to the buyer then 
digitally signed by the buyer using a private key associate with the PKI key pair, or in response 
to receiving a challenge response from the buyer over the network, the challenge response 
including the digitally singed summary of the payment transaction, determine whether the buyer 
has access to the private key by using the public key to decrypt the digitally signed summary of 
the payment transaction. One of ordinary skill in the art would have been motivated to do this 
because it protects the network server from attacks and improve the ease and safety of electronic 
commerce for consumers (see Bishop & Shwartz). 

As per claims 56-58, the combination of Gifford, Bishop, and Shwartz disclose these 
features (see claim 35 & 42 above). 

10. Claims 36,43 and 50 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gifford, Bishop et al. and Shwartz et al. as applied to claims 35, 42 and 49 above, and further in 
view of US Publication NO. 2001/0014158 to Baltzley. 

Gifford discloses PKI key pair (see claims 35 and 42 above). Gifford does not expressly 
disclose creating the PKI key pair, and sending the private key to the buyer over the network. 
Baltzley discloses creating the PKI key pair (see paragraph [0010], and sending the private key 
to the buyer over the network (see paragraph [001 1]). At the time the invention was made, it 
would have been obvious to a person of ordinary skill in the art to modify the method disclose by 
Gifford to include the steps of creating the PKI key pair, and sending the private key to the buyer 
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over the network. One of ordinary skill in the art would have been motivated to do this because 
it prevents fraud by providing additional security. 

Conclusion 

1 1 . Functional recitation(s) using the word "for" or other functional language {e.g. "adapted 
to" in claim 54) have been considered but are given little patentable weight 1 because they fail to 
add any structural limitations and are thereby regarded as intended use language. A recitation of 
the intended use of the claimed product must result in a structural difference between the claimed 
product and the prior art in order to patentably distinguish the claimed product from the prior art. 
If the prior art structure is capable of performing the intended use, then it reads on the claimed 
limitation. In re Casey, 370 F.2d 576, 152 USPQ 235 (CCPA 1967) ("The manner or method in 
which such machine is to be utilized is not germane to the issue of patentability of the machine 
itself."); In re Otto, 136 USPQ 458, 459 (CCPA 1963). See also MPEP §§ 2114 and 2115. 
Unless expressly noted otherwise by the Examiner, the claim interpretation principles in this 
paragraph apply to all examined claims currently pending. 

12. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 



1 See e.g. In re Gulack, 703 F.2d 1381, 217 USPQ 401, 404 (Fed. Cir. 1983)(stating that 
although all limitations must be considered, not all limitations are entitled to patentable weight). 
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will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is 571-272-6714. The 
examiner can normally be reached on Monday - Friday 10:00 -6:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Calvin Hewitt II can be reached on 571-272-6709. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Primary Examiner, Art Unit 3685 



